04/28/2015

Cybersecurity Risks: Is It All Hype?

by Neil Farquharson

Are we being overly paranoid when it comes to cybersecurity? If you pay any attention to the media, it seems like there is an increasing deluge of frightening stories about corporate data breaches with hackers accessing credit card numbers, private emails, Social Security numbers and a range of other sensitive information. It’s enough to make a company want to go back to life pre-Internet. At the end of the day, just how scared should we really be? Are most companies really at risk of having their data stolen and PCs hijacked by malware? Or is it mostly hype?

Here’s the thing — paranoia refers to irrational fears, but the fear of a breach is very rational. According to a recent study by Bloomberg, since 2005 more than 75 major data breaches (in which 1,000,000 or more records were compromised) have been publicly disclosed. Additionally, the Ponemon Institute released a report last September with the staggering finding that 43 percent of companies had a data breach in the past year. These numbers don’t lie. Whether you believe it or not, there are “bad guys” out there who will go to extreme measures to steal your company’s information and wreak havoc.

Companies should be cautious and aware of the risks so they can make sure the right preventative measures are in place. CSO Online offers 10 great tips that can help information security leaders make sure they are ever-vigilant and have a proactive security posture.

Believe in defense-in-depth and constantly be looking for areas in which to add new and effective layered controls that align with risk mitigation objectives or emerging threats

Continually look to add additional instrumentation to widen scope and depth of coverage for existing controls

Always monitor the sensor network with eyes on the system and review of controls